Three school districts have been hit by ransomware in North Louisiana this week.

Louisiana Governor John Bel Edwards has activated a state-wide state of emergency in response to a wave of ransomware infections that have hit multple school districts.

The ransomware infections took place this week and have impacted the school districts of three North Louisiana parishes — Sabine, Morehouse, and Ouachita.

IT networks are down at all three school districts, and files have been encrypted and are inaccessible, local media outlets are reporting.

This is the second time that a state governor has activated a state emergency due to ransomware or any form of cyber-attack. The first time was in Colorado in February 2018, when the Colorado Department of Transportation was forced to shut down operations because of an infection with the SamSam ransomware. However, that state emergency activated additional state resources to help with traffic, road management, and transportation, and not with deploying cyber-security experts to help victims, like in Louisiana’s case.

By signing the Emergency Declaration, the Louisiana governor is making available state resources to impacted schools.

This includes assistance from cybersecurity experts from the Louisiana National Guard, Louisiana State Police, the Office of Technology Services, the Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP), and others.

State officials hope that additional IT expertise will speed up the recovery process so schools can resume their activity and preparations for the upcoming school year.

Gov. Edwards was able to roll out a coordinated response for the ransomware infections at schools in the North Louisiana because he previously established a Cybersecurity Commission to assemble and coordinate response teams in the event of a cyber-attack.

He created this commission in December 2017, in the year when three ransomware outbreaks — namely WannaCry, NotPetya, and Bad Rabbit — had caused havoc across the globe, including in Louisiana.

“This is exactly why we established the Cyber Security Commission, focused on preparing for, responding to and preventing cybersecurity attacks, and we are well-positioned to assist local governments as they battle this current threat,” Gov. Edwards said.

The state of emergency will remain in place until August 21, or until the recovery process at impacted school districts wraps up.

Gulf Coast neighbor Florida could have used a state of emergency declaration last month, as well, after three municipalities were hit by ransomware — Riviera Beach (paid $600,000); Lake City (paid $500,000); and Key Biscayne (recovered from backups).

In recent months, US cities have been a prime target for ransomware gangs. Earlier today, some residents of Johannesburg, South Africa’s biggest city and financial capital, have been left without electricity after a ransomware infection.

Article Credit

More than 500 patient medical records and other sensitive information were exposed in potential data breaches at Summa Health in August and March.

Summa Health announced Friday that it was sending letters to patients who were potentially affected by what the Akron-based health system called an “email phishing incident” that targeted Summa employees.

Email phishing is a term that describes when a person clicks on an email that looks legitimate and asks the person to input sensitive information. The email phishing could be the way a data breach occurs.

Summa said after its investigation, experts were unable to determine whether information such as medical records, treatment information, dates of birth and for a small subset of patients, Social Security and driver’s license numbers, contained in employee emails were viewed by the unauthorized people.

Summa said it was mailing letters to affected patients starting Friday, establishing a dedicated call center and offering free credit monitoring and protection services. It could take several weeks for the letters to arrive, spokesman Jim Gosky said.

Gosky said the number of affected patients is more than 500.

Summa learned May 1 that “an unauthorized person gained access to a limited number of employee email accounts that contained patient information,” according to a news release from the health system. Two accounts were accessed in August and two other accounts were accessed between March 11 and March 29.

Summa said it made sure the accounts were secured and began an investigation, including hiring a computer forensic firm. “The investigation was unable to determine whether the unauthorized individual actually viewed any email or attachment in the accounts,” Summa said.

Officials said “out of an abundance of caution, Summa Health thoroughly reviewed every email and attachment in the accounts to identify patients whose information may have been accessible to the unauthorized person. Patient information was identified in the accounts, including patient names, dates of birth, medical record or patient account numbers, and clinical and/or treatment information. For a small subset of patients, health insurance information, Social Security numbers, and/or driver’s license numbers were also found in the accounts.”

Summa said it was recommending patients review the statements they receive from their health care providers and health insurers. If there are unrecognizable services, contact the provider or insurer immediately. For eligible patients whose Social Security number or driver’s license number was found in the email accounts, Summa Health is offering complimentary credit monitoring and identity protection services. The details will be in the letter.

“Summa Health remains committed to protecting the confidentiality and security of its patients’ information. To help prevent something like this from happening in the future, Summa Health is reinforcing employee training on privacy and security and is instituting additional security measures throughout the health system,” the health system said.

Article Credit: Beacon Journal/Ohio.com

A small Florida city paid an extraordinary $600,000 in ransom this week to hackers who had locked up the city’s computer systems — highlighting an increasingly common dilemma for city leaders across the country. 

Cities have been hit with an increase in ransomware attacks in recent years since tight budgets have left them with outdated and hackable computer systems. But paying the ransoms to reverse the attack means putting money — taxpayer money — into the hands of nefarious hacking groups who probably will use it to target other victims.  

If they refuse to pay up, though, they could be saddled with an even bigger bill to get their cities back online. And they may have to deal with lasting consequences — like in Baltimore, where city leaders decided against paying the ransom and still hasn’t restored all its city services six weeks after a devastating attack. 

“When you pay the ransom, you’re making the bad guys better,” says Allan Liska, a threat intelligence analyst at cybersecurity firm Recorded Future. “But, from a strictly business perspective, sometimes you have to pay the ransom because the cost of not paying it is going to be much, much more.”

But cities, of course, are not just businesses – they have citizens who don’t want their tax dollars wasted and leaders who want to get re-elected. Given there are taxpayer costs to either choice, this is both a practical and moral question for city leaders. 

“It’s their constituents’ money and it’s taxpayer money, so that’s very different,” Liska tells me. 

Not to mention, there could also be career and electoral consequences for city officials who don’t stand up to bad guys. “No politician wants to go on record as having paid a ransom to a cybercriminal,” Liska said.

Already on Thursday, the payout had registered in Washington, where Sen. Marco Rubio (R-Fla.) said he’s working on ways the federal government can help.

A study from Recorded Future found that cities are actually slightly less likely to pay off ransomware hackers than other victims. Just 17 percent of the cities struck with ransomware in the study paid compared with about 45 percent of ransomware victims overall.

That figure could change, though, as city officials draw lessons from major ransomware attacks in cities that didn’t pay. In Baltimore, officials expect to pay about $18 million after refusing to pay a ransom demand of just about $70,000, and a 2018 attack in Atlanta cost the city about $2.6 million to recover from. 

In the case of Riviera Beach, Fla., the city suffered through three weeks during which city workers couldn’t access their email accounts and emergency dispatchers couldn’t log calls into computers, my colleague Rachel Siegel reported. Ultimately, the city council voted unanimously to pay the hackers 65 bitcoin, which amounts to about $592,000.

Price tags like that are bound to make city officials think twice about whether they can refuse a ransom demand, Joe Hall, chief technologist at the Center for Democracy and Technology, told me.

“You’d think the incentive would be to pay as little as possible,” he said.

Ransom payments and ransomware recovery costs are sometimes covered by insurance, but insurance rarely covers all the costs and a big payout will raise cities’ insurance rates. 

Another lesson cities are hopefully taking from the Baltimore, Atlanta and Riviera Beach examples, however, is that they should be better protecting their computer systems against hackers before the ransomware strikes, Tad McGalliard, director of research and policy at the International City/County Management Association, told me.

That includes installing basic protections such as guarding against phishing emails and requiring extra verification before people can access computer systems, he said. It also includes making sure that all the city’s vital records are backed up someplace offline where hackers can’t seize them and lock them up.

“We’re likely to see a continuing increase in ransomware attacks on local governments, but I hope we also see local governments taking note of this and doing everything in their power to bulk up their cyber defenses,” McGalliard said.

Article Credit: Washington Post

StorageCraft® OneXafe® is a converged data platform that unifies enterprise-class data protection with scale-out storage in an easy-to-use, configurable solution. For businesses looking to protect and manage their data in heterogeneous environments, OneXafe eliminates complexity and provides flexible deployment to accommodate various workload requirements. At the same time, it significantly reduces costs associated with primary and secondary storage as well as data protection software. By providing a converged solution, OneXafe removes the need for siloed point solutions and minimizes costs incurred from standalone hardware and software offerings. At the core of OneXafe is a patented distributed object-based file system that delivers universal data access by providing NFS and SMB access to users and applications. Data protection services are directly integrated into the distributed object store, delivering powerful backup and recovery, with a work flow optimized for simplified management. OneXafe tightly integrates with StorageCraft Cloud Services, with a single click it provides business continuity of data, network, and application recovery in StorageCraft’s Cloud. There are a number of configurable options available within OneXafe, from primary storage, to secondary storage, to enterprise-class data protection combined with secondary storage. It is seamlessly administered with OneSystem, our simple, intuitive, yet powerful management service. OneXafe enables ease of implementation for both powerful data protection and optimum scale-out storage.

Configuration:
OneXafe includes a multi-purpose storage appliance that can be configured based on your business needs.

– Converged Secondary: Enterprise-class data protection enabled and configured with secondary storage, reducing management complexity and operational costs.

– High Performance Storage: Scalable storage for high performance unstructured data and backup targets. Can be configured to serve primary storage for virtual workloads, unstructured data, or secondary storage with high performance needs.

– Capacity Storage: Scalable storage for large scale unstructured data and backup targets. Can be configured to serve as secondary storage for your backup needs.

In the case of disaster, OneXafe ensures business continuity with a complete, orchestrated virtual failover to the cloud in one click, when used with our Cloud Services. OneXafe’s tight integration with the cloud makes recovery of the entire infrastructure simple, quick, and seamless, while offering the highest service level agreements (SLAs) with one throat to choke.

Enterprise Systems Corporation is an industry partner of
StorageCraft® OneXafe® Solutions. Contact us today for more information.